Chapter 29: Medical Record Guidelines

This chapter contains policies for maintaining member medical records, including medical record standards and contractual requirements regarding retention and disclosure of information. These guidelines are used to perform clinical audits in conjunction with ongoing quality assurance activities.

EmblemHealth requires its providers to maintain accurate medical records. The primary purpose of the record is to document the course of the member's health, and illness and treatments. The record also serves as a mode of communication between physicians and other professionals participating in the member’s care, as well as between settings. The entire medical record of an active member must remain in the primary care physician's office or within the facility in which the member was treated, and must be consistent with all relevant local, state and federal laws, rules, and regulations..

EmblemHealth may request a copy of, or make an on-site visit to review, your medical records for internal and regulatory chart audits.

The medical record should identify the member’s complaints/symptoms, diagnosis, basis for the diagnosis, treatment plan(s) consistent with diagnosis, historical medications and treatment, members’ needs, barriers, strengths, and limitations. It also should include the discussion of treatment options, side effects, decisions made, and treatments rendered.

All entries in a medical record must:

• Have the author’s identification: a handwritten signature, unique electronic identifier, or initials.
• Have a date of service.
• Is complete and legible to someone other than the writer.

Primary Care Physician (PCP) – Coordination of Care
The record verifies that the PCP coordinates and manages the member's care. In cases when a member’s benefit plan does not require a PCP assignment, the primary physician managing the member’s care would coordinate that care. Each member should have a unique medical record that contains at least the following information:

Personal

• Name on each page in the medical record
• EmblemHealth ID number on each page in the medical record
• Date of birth
• Address and phone number
• Employer's name, address, and phone number
• Marital status
• Benefit plan participation and copayment (if applicable)
• Name of the primary care physician (PCP)
• List of allergies and/or adverse reactions, or "No Known Allergies" (NKA)
• Patient’s self-reported race, ethnicity, and preferred language

Medical

• Comprehensive baseline history and physical (see details below)
• Diagnostic test results
• Consult reports
• Progress notes
• Medication records, including medications, dosage, frequency, dates of initial and/or refill prescriptions, over-the-counter medications, supplements, etc.
• Problem list, including but not limited to past medical history, chronic or significant ongoing acute medical conditions, significant surgical conditions, and significant behavioral health conditions.
• Allergy and/or adverse reactions to drugs documentation. Note if no known allergies and/or adverse reactions.
• Telephone/communication log
• Immunization records
• Preventive health screening records
• Inpatient/ER discharge summary reports, if applicable*
• Operative reports, if applicable

* The PCP must also clearly document any follow-up on the member's ER visit and/or hospitalization, whether an office visit, written correspondence, or telephone conversation.

The comprehensive baseline history and physical must include a review of:

• Subjective and objective complaints/problems
• Family history
• Social history (i.e., occupation, education, living situation, risk behaviors)
• Significant accidents, surgeries, illnesses, and mental health issues
• Complete and comprehensive review of systems (including patient's presenting complaint, as applicable)
• Social determinants of health
• Cultural needs including family, social, religious, literacy
• Cognitive abilities
• Psychosocial emotional health and prior treatment
• Reports from other physicians and treatment including vision, hearing, information from specialists, facilities
• Family support
• Prenatal care and birth information (baseline, 18 years and younger only) in cases where the member has both a PCP and an OB/GYN, they must coordinate to ensure there is a centralized medical record for the provision of prenatal care and all other services

Periodic reviews of history and physicals should be repeated in accordance with age-appropriate preventive care guidelines.

Within the record (electronic or paper), reports of similar type (i.e., progress notes, laboratory reports) should be filed together in chronological or reverse chronological order permitting easy retrieval of information and initialed by the physician to indicate they have been read. Each progress note filed should be legibly written or typed, signed and dated by the author, and contain at least the following items:

• The reason for visit as stated by the member
• The duration of the problem
• Findings on physical examination
• Laboratory and x-ray results, if any
• Diagnosis or assessment of the member's condition
• Therapeutic or preventive services prescribed, if any
• Dosage, duration, and side-effect information of any prescription given, with medication allergies and adverse reactions noted prominently (updated during a physical, when a prescription is written, or annually, whichever comes soonest)
• Follow-up plan (including self-care training and actions) or that no follow-up is required
• Time to next visit and other follow-up appointments

Reports generated in response to a request for a test or consultation must be filed immediately in the medical record with the member's name, ID number, and date of birth on each document page.

Test results should be reported to the member within a reasonable time after the physician receives, reviews, and files with a progress note indicating when the member is notified, by whom, and the next steps in the treatment plan.

Provider Signature Attestation
The Centers for Medicare & Medicaid Services (CMS) requires each date of service in a member's medical record to be accompanied by a legible provider signature and credentials. Some examples of appropriate credentials are MD, DO, and PhD. For your medical records to be deemed compliant, you must authenticate each note for which services are provided. Acceptable physician authentication includes handwritten and electronic signatures or signature stamps. Please review the tables that follow for examples of acceptable and unacceptable signatures and credentials.

The primary care physician’s office is responsible for maintaining and securely storing a member's medical record. An active member's record should be available at the time of the member's appointment and when requested by EmblemHealth, the New York State Department of Health (NYSDOH), CMS, and Local Department of Social Services (LDSS) (for Medicaid only), or other authorized entity for utilization review and for quality and other applicable audits.

Practitioners are responsible for maintaining a patient's original medical records for six (6) years (or 10 years for Medicare members) after either the last date of service rendered or the date the member no longer seeks care from that provider. In the case of a minor, the records shall be retained for three years after the member reaches adulthood or six years after the date of service, whichever is later. This timeline applies even if the patient has terminated his/her EmblemHealth coverage.

All practitioners must observe applicable state and federal laws, rules, and regulations concerning the confidentiality of medical records.

Medical record review tools can help ensure that your medical records adhere to our standards. EmblemHealth’s medical record review tools are located in the Provider Toolkit and are listed below. We ask our providers to check our website periodically for updates. 

• Adult Medical Record Review Tool
• Maternity Medical Record Review Tool
• Pediatric and Adolescent Medical Record Review Tool

See the Required Provisions to Network Provider Agreements chapter of this manual for contract language between the practitioner and EmblemHealth regarding medical records. See the

Members are entitled to access, review, copy, and request amendments to records concerning their health care. All or part of the medical record may be released to the member or other "qualified persons" with written authorization from the member and in accordance with applicable state and federal law.

"Qualified persons" are appointed by members or the court to handle specific areas of concern on the member's behalf. Examples of "qualified persons" include, but are not limited to:

• Court-appointed committee for an incompetent parent of a minor
• Court-appointed guardian of a minor
• Other legally appointed guardian

The Authorization to Use or Disclose Protected Health Information form should be completed to provide medical record release authorization. If this form is not used, the written consent must include the following information:

• Name of the physician from whom the information is requested
• Name and address of the institution, agency, or individual that is to receive the information
• Member's full name, address, date of birth, and EmblemHealth ID number
• The extent or nature of the information to be released, including dates of treatment
• Date of initiation of authorization
• Signature of the member or qualified person

Member requests should be honored within 10 days of the receipt date of the written authorization.

A member or qualified person may challenge the accuracy of information in the medical record and may require that a statement describing the challenge be included in the record.

Access to member information may be denied only if the provider determines that access can reasonably be expected to cause substantial harm to the member or others or would have a detrimental effect on the provider's professional relationship with the patient or his or her ability to provide treatment.

The physician may place reasonable limitations on the time, place, and frequency of any inspections of the patient information. Personal notes or observations may be excluded from any disclosure based on the provider's reasonable judgment.

Special authorizations, forms, and procedures are required for HIV-related testing (both before and after the test is performed) and for release of any HIV-related information from the medical record. To release confidential HIV-related information, consent forms created or approved by the NYSDOH must be used. All authorizations requesting the release of behavioral health records must specify the information requested concerns behavioral health treatment.

We recommended providers consult legal counsel with regards to records disclosure issues.

Advance directives are written instructions, recognized under state law, which relate to the provision of health care when the individual is incapacitated and unable to communicate his/her desires. Examples include such documents as a living will, durable power of attorney for health care, health care proxy, or do not resuscitate (DNR) request.

EmblemHealth expects its practitioners to honor a member's request regarding the type of care stipulated under an advance directive.

Upon enrollment, and consistent with relevant federal and state laws, each member receives the following:

• "Planning in Advance for Your Medical Treatment," an NYSDOH article that describes an individual's rights in New York State with respect to health care decision-making.
• "Appointing Your Health Care Agent – New York State's Proxy Law," an NYSDOH article that provides information and a sample form to be used to appoint a "health care agent."
• A letter describing EmblemHealth's policy for implementing the requirements under the law and regulations.

Our practitioners should discuss advance directives with their patients (as appropriate) and file a copy of any advance directive document in the medical record. Each medical record containing an advance directive should clearly indicate the document is included.

Telehealth services are live, interactive audio and visual transmissions of a physician-patient encounter from one site to another using telecommunications technology. They may include transmissions of real-time telecommunications or those transmitted by store-and-forward technology. Telephone (audio only) services, which are considered audio transmissions, per the CPT definition, are non-face-to-face evaluation and management (E/M) services provided to a patient using the telephone by a physician or other qualified health care professional, who may report E/M services.

We expect the highest quality of care, including face-to-face interaction between the patient and provider whenever possible. To reduce liability and the risk of medical errors with telehealth and telephone services, we require practitioners to adhere to the following procedures:

• Document every telehealth or telephone service in the patient's medical record.
• Base notes on the same principles of documentation as face-to-face interaction. Whenever practical, have the patient's medical records available when telehealth or telephone service is conducted from the practitioner's office.
• All covering physicians should provide the attending physician's office with clearly labeled notes of telehealth or telephone services.
• Office staff who interact with patients telephonically or through telehealth regarding medical issues including, but not limited to, appointment reminders, refills, and diagnostic reports, should also document these interactions in the medical record.

We expect the highest quality of care, including face-to-face interaction between the patient and provider whenever possible. To reduce liability and the risk of medical errors with electronic mail consultations, EmblemHealth has adopted the following guidelines set forth by the American Medical Association:

Communication Guidelines

• Establish turnaround time for messages. Exercise caution when using email for urgent matters.
• Inform patients about privacy issues.
• Patients should know who, besides the provider or provider’s office staff, processes messages during usual business hours and during the provider's vacation or illness.
• Whenever possible and appropriate, retain electronic and/or paper copies of email communications with patients.
• Establish types of transactions (prescription refill, appointment scheduling, etc.) and sensitivity of subject matter (HIV, mental health, etc.) permitted over email.
• Instruct patients to put the category of transaction in the subject line of the message for filtering: prescription, appointment, medical advice, billing question.
• Request patients put their name and patient identification number in the body of the message.
• Configure automatic reply to acknowledge receipt of messages.
• Send a new message to inform patients of request completion.
• Request patients use auto-reply feature to acknowledge reading clinician's message.
• Develop archival and retrieval mechanisms.
• Maintain a mailing list of patients, but do not send group mailings where recipients are visible to each other. Use blind copy feature in software.
• Avoid anger, sarcasm, harsh criticism, and libelous references to third parties in messages.
• Append a standard block of text to the end of email messages to patients that contains the physician's full name, contact information, and reminders about security and the importance of alternative forms of communication for emergencies.
• Explain to patients their messages should be concise.
• When email messages become too lengthy or the correspondence is prolonged, notify patients to come in person to discuss or call them.
• Remind patients when they do not adhere to the guidelines.
• For patients who repeatedly do not adhere to the guidelines, it is acceptable to terminate the email relationship.

Legal and Administrative Guidelines
Develop a patient-clinician agreement for the informed consent for the use of email. This should be discussed with and signed by the patient and documented in the medical record. Provide patients with a copy of the agreement. Agreement should contain the following:

• Communication guidelines (stated above).
• Instructions for when and how to move to telephone calls and/or office visits.
• Clauses that hold harmless the health care institution for information loss due to technical failures.
• Waivers of the encryption requirement, if any, at patient's request.
• Descriptions of security mechanisms in place, including:
  • Using a password-protected screen saver for all desktop workstations in the office, hospital, and at home.
  • Never forwarding patient-identifiable information to a third party without the patient's express permission (in writing).
  • Never using patient's email address in a marketing scheme.
  • Not sharing professional email accounts with family members.
  • Not using unencrypted wireless communications with patient-identifiable information.
  • Double-checking all To, CC, and BCC fields prior to sending messages.
  • Performing backups of email onto long-term storage at least every week. In this case, “long-term’’ is the same length of time as for paper records.
  • Commit policy decisions to writing and electronic form.

The policies and procedures for email should be shared with all patients who wish to communicate electronically. When appropriate, these policies and procedures should also be applied to facsimile/fax communications.